Skip to content

Commit

Permalink
update
Browse files Browse the repository at this point in the history
  • Loading branch information
@youyo
youyo committed Nov 9, 2019
1 parent 0edcf9d commit 9a2e743
Showing 1 changed file with 57 additions and 4 deletions.
61 changes: 57 additions & 4 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,9 @@ AWS assume role credential wrapper.

awscredswrap uses temporary credentials for the specified iam role to set a shell environment variable or execute a command.

## Install
## Use as CLI

### Install

- Brew

Expand All @@ -19,7 +21,7 @@ $ brew install youyo/tap/awscredswrap

Other platforms are download from [github release page](https://github.com/youyo/awscredswrap/releases).

## Usage
### Usage

```bash
$ awscredswrap --help
Expand All @@ -37,13 +39,13 @@ Flags:
--version version for awscredswrap
```

### As command wrapper
#### As command wrapper

```console
$ awscredswrap --role-arn arn:aws:iam::00000000:role/foo -- some_command [arg1 arg2...]
```

### As env exporter
#### As env exporter

When awscredswrap is executed with no arguments, awscredswrap outputs shell script to export AWS credentials environment variables.

Expand All @@ -63,6 +65,57 @@ $ eval $(awscredswrap --role-arn arn:aws:iam::00000000:role/foo)

Temporary credentials has expiration time (about 1 hour).

---

## Use as GitHub Actions

### Inputs

#### `role_arn`

**Required** The arn of the role to assume.

#### `role_session_name`

An identifier for the assumed role session. (default awscredswrap@GitHubActions)

#### `duration_seconds`

The duration, in seconds, of the role session. (default 3600)

### ENV

- `AWS_ACCESS_KEY_ID` **Required**
- `AWS_SECRET_ACCESS_KEY` **Required**
- `AWS_DEFAULT_REGION` **Required**

Recommended to get `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` from secrets.

### Example usage

```yaml
on: [push]

jobs:
assume_role:
runs-on: ubuntu-latest
steps:
- name: Assume Role
uses: youyo/awscredswrap@master
with:
role_arn: ${{ secrets.ROLE_ARN }}
duration_seconds: 3600
role_session_name: 'awscredswrap@GitHubActions'
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: 'ap-northeast-1'
- name: Identity Check
uses: actions/aws/cli@master
with:
args: sts get-caller-identity
```

## License

[MIT](LICENSE)
Expand Down

0 comments on commit 9a2e743

Please sign in to comment.